Helping ordinary people create extraordinary websites!
| |
Helping ordinary people create extraordinary websites! |
Clickbank Security Using PHPBy Robert Plank2005-05-25 
Using someone else's code
This is the PHP function they give us: function cbValid($seed, $cbpop, $secret_key) {This function cbValid takes three parameters: $seed, $cbpop, and $secret_key. The script goes through that last step of ours I explained above, does the crazy shit and then compares the result to the one given to us by Clickbank. Now we need to figure out what to do if your customer really didn't pay. The easiest thing to do, is just stop the script in its tracks, preventing the page under it from loading. if (!cbValid($seed, $cbpop, $secret_key)) die(); The exclamation point means "not". We're saying, first try this... cbValid($seed, $cbpop, $secret_key) ... pass the seed, proof of purchase, and secret key into your black box. If the function tells us NO, do the rest. In this case, "die". Die stops everything immediately, so if you have HTML or PHP code below that line, it won't be looked at if the Clickbank validation fails. The "proper" way to grab $seed from the query string is this way: if (!cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) die(); You could also redirect the user to an error page of yours if you like: if (!cbValid($_GET["seed"], $_GET["cbpop"], $secret_key)) {Instead of $seed and $cbpop we use $_GET["seed"] and $_GET["cbpop"]. This is because the variables don't appear magically out of thin air, they really appear in the URL as http://www.your.url/test.php?seed=SOMESEED&cbpop=SOMEPOP. We want these values to be taken out of the URL. Tutorial Pages: » The first step » "Cookie Cutter" tools » Using someone else's code » Use mine » Couldn't the download url, hash, and receipt be shared?
|
 |